🥇 1. CheckFlow - Cikakken bincike mai sauri da kyauta na zirga-zirgar hanyar sadarwa ta ciki ta amfani da Flowmon

Barka da zuwa karamin kwas ɗin mu na gaba. A wannan karon za mu yi magana game da sabon sabis ɗinmu - CheckFlow. Menene shi? A zahiri, wannan sunan talla ne kawai don duba zirga-zirgar hanyar sadarwar kyauta (na ciki da waje). Ana gudanar da binciken kanta ta amfani da kayan aiki mai ban mamaki kamar Flowmon, wanda kowane kamfani zai iya amfani dashi, kyauta, tsawon kwanaki 30. Amma, ina tabbatar muku cewa bayan sa'o'in farko na gwaji, za ku fara samun bayanai masu mahimmanci game da hanyar sadarwar ku. Haka kuma, wannan bayanin zai zama mai mahimmanci kamar ga masu gudanar da hanyar sadarwakuma ga jami'an tsaro. To, bari mu tattauna menene wannan bayanin da menene ƙimarsa (A ƙarshen labarin, kamar yadda aka saba, akwai koyawa ta bidiyo).

Anan, bari mu yi ƙaramin digression. Na tabbata cewa mutane da yawa yanzu suna tunanin: “Yaya wannan ya bambanta da Duba Tsaro CheckUP? Wataƙila masu biyan kuɗinmu sun san menene wannan (mun yi ƙoƙari sosai a kan wannan):) Kada ku yi gaggawar yanke hukunci, yayin da darasin ya ci gaba komai zai faɗi.

Abin da mai gudanar da cibiyar sadarwa zai iya dubawa ta amfani da wannan duba:

Binciken zirga-zirgar hanyar sadarwa - yadda ake loda tashoshi, menene ka'idoji da ake amfani da su, waɗanne sabobin ko masu amfani ke cinye mafi yawan adadin zirga-zirga.
Jinkirin hanyar sadarwa da asara - matsakaicin lokacin mayar da martani na ayyukan ku, kasancewar asara akan duk tashoshi (ikon samun matsala).
Binciken zirga-zirgar mai amfani - cikakken bincike na zirga-zirgar masu amfani. Adadin zirga-zirga, aikace-aikacen da aka yi amfani da su, matsalolin aiki tare da sabis na kamfani.
Ƙimar aikin aikace-aikacen - gano dalilin matsalolin aiki na aikace-aikacen kamfanoni (jinkirin hanyar sadarwa, lokacin amsawa na ayyuka, bayanan bayanai, aikace-aikace).
SLA saka idanu - ganowa ta atomatik kuma yana ba da rahoton jinkiri da asara masu mahimmanci lokacin amfani da aikace-aikacen gidan yanar gizon ku na jama'a dangane da zirga-zirga na gaske.
Nemo abubuwan da ba su dace ba na hanyar sadarwa - DNS / DHCP spoofing, madaukai, sabar DHCP na ƙarya, DNS / SMTP mara kyau da ƙari.
Matsaloli tare da daidaitawa - gano haramtaccen mai amfani ko zirga-zirgar uwar garken, wanda zai iya nuna kuskuren saitunan maɓalli ko wuta.
Cikakken rahoto - cikakken rahoto kan yanayin kayan aikin IT ɗin ku, yana ba ku damar tsara aiki ko siyan ƙarin kayan aiki.

Abin da ƙwararren tsaro na bayanai zai iya dubawa:

Viral aiki - yana gano zirga-zirgar hoto ko bidiyo mai zagaya yanar gizo da sauri a cikin hanyar sadarwar, gami da malware wanda ba a san shi ba (0-day) dangane da nazarin ɗabi'a.
Rarraba kayan fansho - da ikon gano ransomware, ko da ya yadu tsakanin kwamfutoci maƙwabta ba tare da barin nasa ɓangaren ba.
Ayyukan da ba na al'ada ba - mummunar zirga-zirgar masu amfani, sabobin, aikace-aikace, ICMP/DNS tunneling. Gano barazanar gaske ko masu yuwuwa.
Hare-haren hanyar sadarwa - Binciken tashar tashar jiragen ruwa, hare-haren karfi, DoS, DDoS, shiga tsakani (MITM).
Cire bayanan kamfani - gano abubuwan da ba a saba gani ba (ko lodawa) na bayanan kamfani daga sabar fayil ɗin kamfani.
Na'urori marasa izini - gano na'urorin da ba su da izini da aka haɗa zuwa cibiyar sadarwar kamfanoni (ƙayyade masana'anta da tsarin aiki).
Aikace-aikacen da ba a so - amfani da aikace-aikacen da aka haramta a cikin hanyar sadarwa (Bittorent, TeamViewer, VPN, Anonymizers, da sauransu).
Cryptominers da botnets - duba hanyar sadarwa don na'urorin da suka kamu da cutar da ke haɗawa da sanannun sabar C&C.

Rahoto

Dangane da sakamakon binciken, zaku iya ganin duk nazari akan dashboards Flowmon ko a cikin rahoton PDF. A ƙasa akwai wasu misalai.

Gabaɗaya nazarin zirga-zirga

Dashboard na al'ada

Ayyukan da ba na al'ada ba

Na'urorin da aka gano

Tsarin gwaji na yau da kullun

Halin #1 - ofis daya

Babban fasalin shine zaku iya bincikar zirga-zirgar waje da na ciki waɗanda ba a tantance su ta hanyar na'urorin kariyar kewayen hanyar sadarwa (NGFW, IPS, DPI, da sauransu).

Halin #2 - ofisoshi da yawa

Koyarwar bidiyo

Takaitaccen

Binciken CheckFlow kyakkyawar dama ce ga manajojin IT/IS:

Gano matsaloli na yanzu da yuwuwar a cikin kayan aikin ku na IT;
Gano matsalolin tsaro na bayanai da ingancin matakan tsaro da ake da su;
Gano babbar matsala a cikin ayyukan aikace-aikacen kasuwanci (bangaren cibiyar sadarwa, ɓangaren uwar garken, software) da waɗanda ke da alhakin warware shi;
Mahimmanci rage lokaci don magance matsaloli a cikin kayan aikin IT;
Tabbatar da buƙatar faɗaɗa tashoshi, ƙarfin uwar garken ko ƙarin siyan kayan kariya.

Ina kuma ba da shawarar karanta labarinmu na baya - Matsalolin cibiyar sadarwa 9 na yau da kullun waɗanda za'a iya gano su ta amfani da bincike na NetFlow (ta amfani da Flowmon azaman misali).
Idan kuna sha'awar wannan batu, to ku kasance da mu (sakon waya, Facebook, VK, TS Magani Blog, Yandex.Zen).

Masu amfani da rajista kawai za su iya shiga cikin binciken. Shigadon Allah.

Kuna amfani da NetFlow/sFlow/jFlow/IPFIX analyzers?

55,6%Da 5
11,1%A'a, amma ina shirin yin amfani da1
33,3%No3

Masu amfani 9 sun kada kuri'a. 1 mai amfani ya ƙi.

source: www.habr.com

1. CheckFlow - cikakken bincike mai sauri da kyauta na zirga-zirgar hanyar sadarwa ta ciki ta amfani da Flowmon